Aplicacion Para Escribir Textos

In addition, any DOM property can be associated with a privilege (user defined) as discussed in the"Configurable Security" section.

JavaScript Features Requiring PrivilegesThis section lists the JavaScript features that require expanded privilegesand the target used to access each feature. Unsigned scripts cannot useany of these features, unless the end user has enabled codebase principals.

ExampleThe following script includes a button, that, when clicked, displays analert dialog containing part of the URL history of the browser. To workproperly, the script must be signed.function getHistory(i) //Attempt to access privileged information return history[i];function getImmediateHistory() //Request privilege netscape.security.PrivilegeManager.enablePrivilege( "UniversalBrowserRead"); return getHistory(1);...[Return to Top]Writing the ScriptThis section describes special considerations for writing signed scripts.
Hints for Writing Secure JavaScriptCheck the Location of the ScriptIf you have signed scripts in pages you have posted to your site, it ispossible to copy the JAR file from your site and post it on another site.As long as the signed scripts themselves are not altered, the scripts willcontinue to operate under your signature. (See "DebuggingInvalid Signature Errors" for one exception to this rule.)If you wish to prevent this, you can force your scripts to work onlyfrom your site.if (location.href.match(/^http:\/\/www.company.com\//)) netscape.security.PrivilegeManager.enablePrivilege(...); // Do your stuffThen if the JAR file and script are copied to another site, they no longerwork. If the person who copies the script alters it to bypass the checkon the source of the script, the signature is invalidated.
Minimize the Trusted Code BaseIn security parlance, the trusted code base (TCB) is the set ofcode that has privileges to perform restricted actions. One way to improvesecurity is reduce the size of the TCB, which then gives fewer points forattack or opportunities for mistakes.For example, the following code, if executed in a signed script withthe user's approval, opens a new window containing the history of the browser:netscape.security.PrivilegeManager.enablePrivilege( "UniversalBrowserAccess");var win = window.open();for (var i=0; i < history.length; i++) win.document.writeln(history[i] + "
");win.close();The TCB in this instance is the entire script because privileges are acquiredat the beginning and never reverted. You could reduce the TCB by rewritingthe program as follows:var win = window.open();netscape.security.PrivilegeManager.enablePrivilege( "UniversalBrowserAccess");for (var i=0; i < history.length; i++) win.document.writeln(history[i] + "
");netscape.security.PrivilegeManager.revertPrivilege( "UniversalBrowserAccess");win.close();With this change, the TCB becomes only the loop containing the accessesto the history property. You could avoid the extra callto revert the privilege by introducing a function:function writeArray() netscape.security.PrivilegeManager.enablePrivilege( "UniversalBrowserAccess"); for (var i=0; i < history.length; i++) { win.document.writeln(history[i] + "
"); }var win = window.open();writeArray();win.close();The privileges are automatically reverted when writeArray returns,so you don't have to do so explicitly.
[Return to Top]International Characters in Signed ScriptsWhen used in scripts, international characters can appear in string constantsand in comments. JavaScript keywords and variables cannot include specialinternational characters.Scripts that include international characters cannot be signed becausethe process of transforming the characters to the local character set invalidatesthe signature. To work around this limitation:Signing ScriptsDuring development of a script you'll eventually sign, you can use codebaseprincipals for testing, as described in "CodebasePrincipals". Once you've finished modifying the script, you need tosign it. The major difference in signing scripts between 4.x and Mozilla is that inMozilla, the entire page must be signed, as opposed to only the scriptrunning on the page. For any script to be granted expanded privileges, all scripts onor included by an HTML page must be signed.You can sign JavaScript files (accessed with theSRC attributeof the SCRIPT tag), inline scripts, event handler scriptsJavaScript entities and javascript: URLs.Using SignToolUse SignTool to sign scripts. SignTool is a program that signs scripts and HTML files, and packages them in a JAR file with the signature. It can be download from ftp.mozilla.org as part of the NSS package.You'll also need to download NSPR.The signtool program extracts scripts from HTML files, signsthem, and places their digital signatures in the archive specified in the command line.It also takes care of copying external JavaScript files loaded by the SRCattribute of the SCRIPT tag. The SCRIPT tags in the HTMLpages can specify more than one JAR file; if so, signtool createsas many JAR files as it needs.For information on using this tool, see UsingSignTool.
Here is an example of the syntax needed for signing scripts% signtool -k"Cert Name" -Z"secure.jar" secure-files/This command will create a JAR file (secure.jar) signed by "Cert Name". All the JavaScript and HTML files in the directory secure-files/ will be signed and stored in the JAR file.After SigningOnce you've signed a script, any time you change it you must resign it.For JavaScript files, this means you cannot change anything in the file. A change can be as simple as adding or removing white space in the script.For testing, use SignTool to create a test certificate (see documentation).However, end users will not be able to use the test certificate, so remember to obtain a certificate from a certificate authority in order to serve a signed script on the web.Accessing a Signed PageNew in Mozilla is the syntax needed to access signed scripts within JAR files. The syntax is as follows:jar: -scripts/secure.jar!/thepage.htmlScripts will only be treated as signed if the HTML page that containsthem is using a URL of this form.CHANGE NOTE: Browsers based on Mozilla code version 1.8.1.10 or later(e.g. Firefox 2.0.0.10) will not open files using the jar: URI scheme unlessthe server sends a Content-Type header that indicates the archiveis safe to be treated as active code. You must configure your server to sendapplication/java-archive for these files (application/x-jaris also supported).Changes to a signed script's byte stream invalidate the script's signature.This includes moving the HTML page between platforms that have differentrepresentations of text. For example, moving an HTML page from a Windowsserver to a UNIX server changes the byte stream and invalidates the signature.(This doesn't affect viewing pages from multiple platforms.) To avoid this,you can move the page in binary mode. Note that doing so changes the appearanceof the page in your text editor but not in the browser.[Return to Top]Troubleshooting Signed ScriptsException HandlingException handling is highly recommended when using signed scripts. Itallows you to deal gracefully with errors or the user choosing to deny a privilege.For example: